<?php
include "../templates/db/db.php";

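// Login form handler: checks the submitted credentials against the `users`
// table and, on exactly one match, marks the session as logged in.
//
// NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7. The
// connection is opened outside this file, so the API is kept here; move to
// PDO/mysqli prepared statements together with the connection code.

// Read the fields defensively: a missing key or an array value (user[]=x)
// would otherwise raise notices/warnings inside trim().
// NOTE(review): htmlspecialchars() is an output-encoding step and does not
// belong on input, least of all on a password. It is kept because the stored
// usernames and hashes were presumably created with the same transform;
// confirm against the registration code before removing it.
$username = (isset($_POST['user']) && is_string($_POST['user'])) ? htmlspecialchars(trim($_POST['user'])) : '';
$password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? htmlspecialchars(trim($_POST['pass'])) : '';

// Keep these names defined even when the form was not submitted.
$select = '';
$result_select = false;
$row_select = false;
$user_id = null;

if (!empty($_POST['submit'])) {
	// mysql_real_escape_string() escapes according to the connection's
	// character set; addslashes() does not and can be bypassed with some
	// multibyte encodings. (The charset must have been set on the connection
	// with mysql_set_charset() for this to hold; verify in db.php.)
	// NOTE(review): unsalted MD5 is not a password hash. Switching to
	// password_hash()/password_verify() needs the stored values migrated, so
	// the comparison is left unchanged here.
	$select = 'SELECT username, password, id FROM users WHERE username="' . mysql_real_escape_string($username) . '" AND password="' . md5($password) . '"';
	$result_select = mysql_query($select);

	// mysql_query() returns false on failure; treat that as a failed login
	// instead of passing false on to mysql_num_rows()/mysql_fetch_assoc().
	if ($result_select !== false && mysql_num_rows($result_select) == 1) {
		$row_select = mysql_fetch_assoc($result_select);
		$user_id = $row_select['id'];

		// Issue a fresh session id on privilege change so that an id known
		// before login cannot be reused afterwards (session fixation).
		// Assumes the session was started by an earlier include; TODO confirm.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}

		$_SESSION['username'] = $username;
		$_SESSION['user_id'] = $user_id;
		$_SESSION['is_logged'] = true;
		$_SESSION['ok'] = true;
		echo '<meta http-equiv="refresh" content="0;url=vhod.php">';
	} else {
		// Same generic message for unknown user and wrong password.
		echo '<p class="error">Грешни данни!</p>';
		echo '<p><img src="../img/udiv.jpg" class="udiv" width="250px" height="200px"/></p>';
	}
}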
?>